
New variant of Ransomware Files infected with .ajge extension...

Hi friends, I have a customer infected with a new variant of ransomware. I guess it is Al-Namrood in a new version; I'm not sure because it doesn't use the same methodology, but I guess it is this ransomware because I ran the decryption tool from Emsisoft (decrypt alnamrood) and the file was decrypted, but the decrypted file only shows garbage code. I know this happened because the ID used is not the right key to decrypt.

I've tried to upload all the images here in the post, but they were deleted...or I don't know how to do it... : )

I changed the original name of the message and the last 6 digits of the original ID to send the message, only for security reasons... : )

I've tried to obtain a code from the registry keys and deleted files, but so far I haven't found another key or .dll file that can indicate to me what the right ID key to decrypt these files is.... I checked the whole disk with a recovery program, but none of these encrypted files were deleted, they were only overwritten....

I hope someone here can help me to know more about this ransomware... I've tried other decryption tools but I haven't been successful. In fact, I have one original xml file and the same file encrypted, to run tests.


I've uploaded 3 files, 2 encrypted with this ransomware and one original at this link...


There are several different ransomware infections which append a random 4, 5, 6, 7, or 8 character extension to the end of all affected filenames (i.e. CTB-Locker, Crypt0L0cker, Maktub Locker, Alma Locker, Princess Locker, Locked-In, Mischa, Goldeneye, Al-Namrood 2.0, Cerber v4x/v5x and some Xorist variants).

The best way to identify the different ransomwares that use "random character extensions" is the ransom note (including its name), samples of the encrypted files, the malware file itself or at least information related to the email address used by the cyber-criminals to request payment.

Did you submit any samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

Demonslay335 most likely will check out the SHA1 when he logs in later today.

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto experts.

Hi, I made an exact copy of the original drive; I have the original drive untouched.... : )

I will try to find other files that can help to find how the key was made... this ransomware also encrypted a USB hard drive; I checked this and all the files were encrypted too, but the ransomware did not delete any of the files, they were only overwritten....

Does someone know if I can decrypt these files with another program like decrypt alnamrood? Because this program only lets me put in a key of 8 characters, and I think the key must be longer. : (